On 07/02/2018 07:47 PM, Hanno Böck wrote: > I don't want to say this is unworkable. But these are challenges and > imho fixing them all is really,
I'll say it, it is unworkable, you need a trusted party doing verification of developers at point in time, then sign it with release engineering keys for distribution to end-users. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
signature.asc
Description: OpenPGP digital signature
